Total
10329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11771 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | |||||
| CVE-2016-7998 | 1 Spip | 1 Spip | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | |||||
| CVE-2015-7740 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | |||||
| CVE-2015-8138 | 1 Ntp | 1 Ntp | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. | |||||
| CVE-2016-10384 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. | |||||
| CVE-2017-0694 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318. | |||||
| CVE-2017-0874 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932. | |||||
| CVE-2015-9055 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. | |||||
| CVE-2015-2245 | 1 Huawei | 2 P7-l09, P7-l09 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | |||||
| CVE-2017-6955 | 1 Teleogistic | 1 Invite Anyone | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack. | |||||
| CVE-2016-10068 | 3 Imagemagick, Opensuse, Opensuse Project | 3 Imagemagick, Leap, Leap | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | |||||
| CVE-2017-7283 | 1 Unitrends | 1 Enterprise Backup | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | |||||
| CVE-2016-6603 | 1 Zohocorp | 1 Webnms Framework | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | |||||
| CVE-2017-15591 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | |||||
| CVE-2016-10176 | 1 Netgear | 2 Wnr2000v5, Wnr2000v5 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. | |||||
| CVE-2016-4862 | 1 Cs-cart | 1 Cs-cart | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||||
| CVE-2016-6131 | 1 Gnu | 1 Libiberty | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | |||||
| CVE-2017-5081 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. | |||||
| CVE-2017-8004 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under. | |||||
| CVE-2017-12286 | 1 Cisco | 2 Jabber, Webex Meeting Center | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418. | |||||